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WHAT IS CLAIMED IS: 

1. A data processing device comprising: 

a memory interface unit for accessing data storage 
means ; and 

a control unit for controlling said memory interface 

unit; 

wherein : 

an access permission table which is stored in a data 
storage area in said data storage means is set in said 
memory interface unit; and 

in response to an access command to access said data 
storage means, which is issued by said control unit, said 
memory interface unit determines, by referring to the access 
permission table, whether or not to execute the access 
command, whereby processing which is set executable by the 
access permission table is only executed. 

2 . A data processing device according to Claim 1 , 
wherein: 

the data storage area in said data storage means is a 
flash memory having a plurality of blocks, each of which 
consists of a plurality of sectors which each have a 
predetermined data capacity; 

in the access permission table, permission information 
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on block-unit data processing is set; and 

in accordance with the set permission information, said 
memory interface unit includes means for determines whether 
or not the block- unit data processing can be executed. 

3. A data processing device according to Claim 1, 
wherein : 

only when a type of processing corresponding to the 
access command from said control unit is within a range of 
processing types which are set executable by the access 
permission table does said memory interface unit execute the 
type of processing, and sets a process-success flag in 
accordance with a success of the processing in said memory 
interface unit; and 

said control unit executes processing thereof on 
condition that the setting of the process-success flag in 
said memory interface unit is verified. 

4. A data processing device according to Claim 1, 
wherein : 

when the access command designates a data- file reading 
process, said control unit executes a process in which the 
address of a data file to be read is selected from a file 
allocation table corresponding to the data storage area in 
said data storage means and is transmitted to said memory 
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interface unit; and 

after receiving the address of the data file, said 
memory interface unit determines, by using the received 
address to refer to the access permission table, whether or 
not an address-assigned area having the address is a data- 
readable area, and only when the address -assigned area is a 
data- readable area does said memory interface unit execute 
the data-file reading process. 

5. A data processing device according to Claim 1, 
wherein : 

when the access command designates a data-file writing 
process, said control unit executes a process in which the 
address of a data file to be written is selected from the 
data storage area in said data storage means and is 
transmitted as a write address to said memory interface 
unit ; and 

after receiving the write address, said memory 
interface unit determines, by using the received write 
address to refer to the access permission table, whether or 
not an address -assigned area having the write address is 
data-writable area, and only when the address -as signed area 
is a data-writable area does said memory interface unit 
execute the data-file writing process. 
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6. A data processing device according to Claim 1, 
wherein: 

in the access permission table, in the form of 
additional data, an integrity check value which is generated 
based on data in the access permission table is included as 
a check value for verifying whether or not the data in the 
access permission table is interpolated; 

said memory interface unit includes a cryptosystem unit 
for, based on the integrity check value, executing the 
integrity checking of the access permission table; and 

when said cryptosystem unit determines that the access 
permission table has not been interpolated, the access 
permission table is set in said memory interface unit, and 
data processing is executed based on the determination of 
access permission in accordance with the set access 
permission table. 

7. A data processing device according to Claim 1, 
wherein : 

in the access permission table, in the form of 
additional data, an integrity check value which is generated 
based on data including data in the access permission table 
and an identifier unique to said data storage means is 
included as a check value for verifying whether or not the 
data in the access permission table is interpolated; 
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the verification based on the integrity check value by 
said memory interface unit is executed as the verification 
of whether or not the access permission table is stored in 
valid media, in addition to the verification of whether or 
not the data in the access permission table is interpolated; 
and 

when verifying the validity of storage, the access 
permission table is set in said memory interface unit, and 
data processing is executed based on the determination of 
access permission in accordance with the set access 
permission table. 

8. A data processing device according to Claim 1, 
wherein, when mutual authentication is established as a 
result of mutual authentication with said data storage means, 
the access permission table, which is stored in the memory 
of said data storage means, is set in said memory interface 
unit . 

9. A data processing device according to Claim 1, 
wherein : 

said data storage means is a flash memory having a data 
storage area which has a plurality of blocks, each of which 
consists of a plurality of sectors in which each of the 
sectors has a predetermined data capacity; 
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in the access permission table, either information on 
whether or not block-unit data erasure can be performed or 
information on whether or not block-unit data playback can 
be performed is set; and 

in accordance with either information set in the access 
permission table, said memory interface unit determines 
whether or not block-unit data processing can be executed. 

10. A data storage device comprising a data storage 
area consisting of a plurality of blocks, each of which 
consists of a plurality of sectors which each have a 
predetermined data capacity, 

wherein, in said data storage area, an access 
permission table in which permission information on block- 
unit data processing in the data storage area is set is 
stored. 

11. A data storage device according to Claim 10, 
wherein data-processing-permission information on blocks of 
the data storage area in which the access permission table 
is stored is set to indicate that the blocks are treated as 
an erasure-prevented area. 

12. A data storage device according to Claim 10, 
further comprising a cryptosystem unit for executing mutual 
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authentication with a data processing device which performs 
data transfer to said data storage device, 

wherein, when the mutual authentication is established, 
a process which transfers the access permission table to 
said data processing device is executed. 

13. A data processing method for a data processing 
device comprising a memory interface unit for accessing data 
storage means and a control unit for controlling said memory 
interface unit, wherein said memory interface unit performs 
the steps of: 

setting therein an access permission table which is 
stored in a data storage area in said data storage means; 

determining, by referring to the access permission 
table in response to an access command to access said data 
storage means, whether or not to execute the access command; 
and 

executing only a process which is set executable by the 
access permission table. 

14. A data processing method according to Claim 13, 
wherein : 

the data storage area in said data storage means is a 
flash memory having a plurality of blocks, each of which 
consists of a plurality of sectors which each have a 
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predetermined data capacity; 

in the access permission table, permission information 
on block-unit data processing is set; and 

in accordance with the set permission information, said 
memory interface unit includes means for determines whether 
or not the block-unit data processing can be executed. 

15. A data processing method according to Claim 13, 
wherein : 

only when a type of processing corresponding to the 
access command from said control unit is within a range of 
processing types which are set executable by the access 
permission table does said memory interface unit execute the 
type of processing, and sets a process- success flag in 
accordance with a success of the processing in said memory 
interface unit; and 

said control unit executes processing thereof on 
condition that the setting of the process-success flag in 
said memory interface unit is verified. 

16. A data processing method according to Claim 13, 
wherein : 

when the access command designates a data- file reading 
process, said control unit executes a process in which the 
address of a data file to be read is selected from a file 
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allocation table corresponding to the data storage area in 
said data storage means and is transmitted to said memory 
interface unit; and 

after receiving the address of the data file, said 
memory interface unit determines, by using the received 
address to refer to the access permission table, whether or 
not an address -assigned area having the address is a data- 
readable area, and only when the address-assigned area is a 
data-readable area does said memory interface unit execute 
the data-file reading process. 

17. A data processing method according to Claim 13, 
wherein : 

when the access command designates a data-file writing 
process, said control unit executes a process in which the 
address of a data file to be written is selected from the 
data storage area in said data storage means and is 
transmitted as a write address to said memory interface 
unit ; and 

after receiving the write address, said memory 
interface unit determines, by using the received write 
address to refer to the access permission table, whether or 
not an address-assigned area having the write address is 
data-writable area, and only when the address -assigned area 
is a data-writable area does said memory interface unit 
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execute the data-file writing process. 

18. A data processing method according to Claim 13, 
wherein: 

in the access permission table, in the form of 
additional data, an integrity check value which is generated 
based on data in the access permission table is included as 
a check value for verifying whether or not the data in the 
access permission table is interpolated; and 

said memory interface unit executes the steps of: 

executing, based on the integrity check value, the 
integrity checking of the access permission table; 

setting the access permission table in said memory 
interface unit when it is determined that the access 
permission table has not been interpolated; and 

executing data processing based on the determination of 
access permission in accordance with the set access 
permission table. 

19. A data processing method according to Claim 13, 
wherein: 

in the access permission table, in the form of 
additional data, an integrity check value which is generated 
based on data including data in the access permission table 
and an identifier unique to said data storage means is 
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included as a check value for verifying whether or not the 
data in the access permission table is interpolated; and 

said memory interface unit executes the steps of: 

executing the verification based on the integrity check 
value as the verification of whether or not the access 
permission table is stored in valid media, in addition to 
the verification of whether or not the data in the access 
permission table is interpolated; 

setting therein the access permission table when the 
validity of storage is verified; and 

executing data processing based on the determination of 
access permission in accordance with the set access 
permission table. 

20. A data processing method according to Claim 13, 
wherein, when mutual authentication is established as a 
result of mutual authentication with said data storage means, 
the access permission table, which is stored in the memory 
of said data storage means, is set in said memory interface 
unit . 

21. A data processing method according to Claim 13, 
wherein : 

said data storage means is a flash memory having a data 
storage area which has a plurality of blocks, each of which 
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consists of a plurality of sectors in which each of the 
sectors has a predetermined data capacity; 

in the access permission table, either information on 
whether or not block-unit data erasure can be performed or 
information on whether or not block- unit data playback can 
be performed is set ; and 

in accordance with either information set in the access 
permission table, said memory interface unit determines 
whether or not block-unit data processing can be executed. 

22. A program providing medium for providing a computer 
program which controls a computer system to execute data 
processing by a data processing device comprising a memory 
interface unit for accessing data storage means and a 
control unit for controlling said memory interface unit, 

wherein the computer program comprises the steps of: 

setting an access permission table which is stored in a 
data storage area in said data storage means; 

determining, by referring to the access permission 
table in response to an access command to access said data 
storage means, whether or not to execute the access command; 
and 

executing only a process which is set executable by the 
access permission table. 



